• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Port Info

• Ships in Ports
  
  

Archives

• Yesterday
• Datewise
• Resources

Group Sites

• The Hindu
• Business Line
• The Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K. Raghavan

Granted, you might be fed up with the loads of spam clogging your mail everyday. But on the day you drop vigil, something could go drastically wrong.

UNSOLICITED e-mails have become so much a part of cyberspace that many of us are no longer exercised about them.

As long as we can still access our inbox and also send out mail, we seem to be reconciled to what seems a necessary evil. Such complacence or helplessness is, however, the bane that can one day bring computer systems to a standstill. This is why we cannot ignore spam but keep a close eye on the traffic.

Occasional reports of spammers being hauled up by law for causing extreme annoyance and making dishonest money should be music to the ears of those who understand the grave implications of this wanton assault on an otherwise amazing and efficient medium of communication.

News came in recently that Jason Smathers, a 25-year-old software engineer of the well-known service provider, America Online (AOL), was convicted by a New York court to a year and three months in jail for offences under CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act), a US law passed in 2004.

Smathers used a fellow-employee's access code to steal 92 million addresses of AOL customers. He later sold them for $28,000 to a person who needed them for promoting an offshore gambling site to AOL customers.

It is not known whether Smathers exploited a system vulnerability, or he did some crafty social engineering to acquire the vital information.

He could not, however, get at individual passwords or credit card numbers of the customers. This was possibly because AOL was careful enough to partition information across a number of servers. This is something I would strongly commend to many corporations in IT or other businesses as a fundamental security precaution. Never put all your eggs in the same basket!

Another significant action earlier this year was against Charles Frye of Daytona Beach, Florida, who hijacked Bell South Corporation's subscriber Internet accounts in order to generate spam, mainly against AOL customers.

He is learnt to have used a popular password cracking tool (WWWHack), which carries a collection of usernames and passwords, and by trial and error, helps criminal elements to hit upon the right combination for breaking into systems.

The 26-year-old Frye was ingenious enough to slip across an anti-spam blacklist maintained by AOL. Investigation by the local police led to telephones owned by a company in which Frye and a few others were partners.

These were the lines from which Frye had dialled to gain Internet access. Thereafter, it was a question of tying up some loose ends.

Interestingly, the sentence imposed upon Frye included a six-year probation, during which period he was prohibited from owning or leasing a computer or accessing the Internet. In my view, this was more cruel than the one year in prison that he received!

Recent fascination for wireless Internet has made spamming without leaving a trail simpler than before, and has correspondingly increased the agonies of the investigator. `War driving' or a reckless automobile drive through busy thoroughfares having massive office buildings or large hotels with the driver's laptop fishing for `hotspots' has been on the rise.

As I said in my last column, unsecured Wi-Fi connections are low-hanging fruits for hackers who find it easy to get into somebody's account and use it for unleashing spam. The FBI, which has an exclusive cyber division, and has acquired quite an expertise in handling cyber crime, reports of a Nicholas Tombro who was convicted in September 2004 for sending a huge number of spam mails while driving through the neighbourhood of Marina Del Rey in California.

Incidentally, Tombro was the first to be convicted for spamming in US history. His case illustrates best the danger of owning a Wi-Fi account that lacks basic security features. If someone misuses it for spam, it is you who will face the music.

Spammers seem to be changing techniques forever in order to evade police reach. Their favourite now is stolen credit cards with which to open a number of mail accounts through which to send spam. Free Web mail systems like Hotmail facilitate this even better.

Catching these miscreants will turn on wholehearted collaboration between law enforcement, ISPs (Internet service providers) and individual victims. The FBI has achieved a strong partnership in this area. Its efforts have been greatly facilitated by CAN-SPAM that has proved a reasonable deterrent.

Some State laws are more stringent than Federal legislation, as Jeremy Jaynes, once considered one of the world's top ten spammers, found when a Virginia court convicted him in April 2005 to nine years in jail, against a possible maximum sentence of 15 years pressed by the prosecution.

Interestingly, cases investigated till now give us the impression that hacking not for profit is slowly yielding place to spammers, a majority of whom are after a quick buck. Of course they are basically skilled in hacking, a means by which they inflict bulk mail on hapless individuals and organisations. Also, they are in the age group of 25-30, and more often than not qualified in computer engineering. The kind of money that spammers make - Jeremy Janes made $500,000 a month at the peak of his career and had assets worth $24 million - would bring their activity into the realm of crime investigators, taking it away from that of cyber security experts.

While a robust authentication protocol is no doubt one measure to combat the menace, what is required to complement it is ruthless legislation. Ironically, India is yet to have an anti-spam law, and it is hoped that when the IT Act 2000 undergoes major amendments shortly, this lacuna will be taken care of.

Here I would strongly endorse the draft provision that my friend Naavi has proposed (www.naavi.org) . It is quite comprehensive and takes care of the problem. At the same time, I would like to see a more pro-active CBI that would emulate the FBI in combating cyber crime.

Picture by Sampath Kumar G.P.

The writer is a former CBI Director who is currently Adviser to Tata Consultancy Services Ltd.

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
It's green on both sides!

Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line